RE: Tomcat 7.0.96 - Issue with Kerberos Authentication

2019-09-23 Thread Mehta, Vipul
Hello Mark,

Is this the correct discussion thread:
https://www.mail-archive.com/users@tomcat.apache.org/msg132812.html

Thanks,
Vipul

-----Original Message-----
From: Mark Thomas  
Sent: Wednesday, September 18, 2019 7:07 PM
To: dev@tomcat.apache.org
Subject: Re: Tomcat 7.0.96 - Issue with Kerberos Authentication

This is a question for the users list.

And a review of the recent archives for that list will find a similar question 
along with a solution.

Mark


On 18/09/2019 11:35, Mehta, Vipul wrote:
> In case of Kerberos authentication of a user with a Tomcat webapp via
> browser, we are facing an issue with the following class in Tomcat version 7.0.96:
> 
> https://github.com/apache/tomcat/blob/7.0.x/java/org/apache/catalina/connector/Request.java
> 
> public Principal getUserPrincipal()
> => return ((GenericPrincipal) userPrincipal).getUserPrincipal(); #LINE-2650
> 
> This returns a javax.security.auth.kerberos.KerberosPrincipal instance,
> using which it is not possible to get the actual delegated credential.
> 
> Shouldn't it simply return the GenericPrincipal instance, which contains
> the KerberosPrincipal as well as the delegated GSSCredential?
> 
> We are using the following realm config in server.xml:
> 
> <Realm className="org.apache.catalina.realm.JAASRealm"
>        roleClassNames="org.apache.catalina.realm.GenericPrincipal"
>        stripRealmForGss="false" useContextClassLoader="false"
>        userClassNames="org.apache.catalina.realm.GenericPrincipal,javax.security.auth.kerberos.KerberosPrincipal"/>
> 
> Thanks,
> Vipul


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




Tomcat 7.0.96 - Issue with Kerberos Authentication

2019-09-18 Thread Mehta, Vipul
In case of Kerberos authentication of a user with a Tomcat webapp via browser, we 
are facing an issue with the following class in Tomcat version 7.0.96:
https://github.com/apache/tomcat/blob/7.0.x/java/org/apache/catalina/connector/Request.java

public Principal getUserPrincipal()
=> return ((GenericPrincipal) userPrincipal).getUserPrincipal(); #LINE-2650

This returns a javax.security.auth.kerberos.KerberosPrincipal instance, using 
which it is not possible to get the actual delegated credential.
Shouldn't it simply return the GenericPrincipal instance, which contains 
the KerberosPrincipal as well as the delegated GSSCredential?

We are using the following realm config in server.xml:



Thanks,
Vipul